SuiteCRM – SAML authentication vulnerability

Posted on 26.01.2023 by A. Kirillov

There’s a serious bug in the current implementation of SAML authentication which allows an unauthenticated attacker to log into any existing user account without a password. The details have been reported to the vendor.

The quick fix below has been tested with SuiteCRM-7.8.18 LTS but may also work with newer SuiteCRM versions.

Name	Size	MD5
SuiteCRM-7.8.18-SAML-auth.patch	895 B	43f851518ce8147efcfdd128d06ab5ab

To apply the patch on a Linux system run the following command in the SuiteCRM root:

# patch -p0 <SuiteCRM-7.8.18-SAML-auth.patch

Posted in Software, System Administration Tagged with: SAML, SuiteCRM

A. Kirillov © 2024

potato

Xmas

Merry Xmas, friend!

Browser out of date

You should update your browser. If you continue, some features of this site may not work as intended.

No cookies

You have to enable cookies for this site to work properly.

No JavaScript

You need to enable JavaScript to access all features of this site.

About cookies

By using this website you consent to the use of cookies. This is necessary for normal operation of the site, targeted advertising and traffic analysis. Read our full Privacy notice.